server {
listen 80;
listen [::]:80;
server_name YOUR_DOMAIN;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR_DOMAIN;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-XSS-Protection "1; mode=block";
ssl_certificate     /etc/CHANGE_THIS/fullchain.pem;
ssl_certificate_key /etc/CHANGE_THIS/privkey.pem;
ssl_dhparam         /etc/CHANGE_THIS/dhparam.pem;
keepalive_timeout    70;
sendfile             on;
client_max_body_size 20m;
root /var/www/example.com;
location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 302 /;
}
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;
}

# Main
rewrite ^/home/?$ / permanent;
rewrite ^/login/?$ /login/login.php break;
rewrite ^/auth/?$ /login/auth.php break;
rewrite ^/logout/?$ /login/logout.php break;
rewrite ^/terms/?$ /login/terms.php break;
rewrite ^/privacy/?$ /login/privacy.php break;
rewrite ^/imprint/?$ /login/imprint.php break;

# LTL
rewrite ^/local/?$ /local.php break;

# FTL
rewrite ^/federated/?$ /federated.php break;

# Notice
rewrite ^/notifications/?$ /notifications.php break;

# Who to follow
rewrite ^/whotofollow/?$ /who_to_follow.php break;

# Direct
rewrite ^/direct/?$ /direct.php break;

# Instance
rewrite ^/instance/?$ /instance.php break;

# Lists
rewrite ^/lists/?$ /lists.php break;
rewrite ^/lists/(\d+)/?$ /lists_view.php?id=$1 break;
rewrite ^/lists/(\d+)/add/?$ /lists_add.php?id=$1 break;

# Search
rewrite ^/search/?$ /search_hash_tag.php break;
rewrite ^/search/users/?$ /search_user.php break;

# Settings
rewrite ^/settings/?$ /settings_general.php break;
rewrite ^/settings/profile/?$ /settings_profile.php break;
rewrite ^/settings/appearance/?$ /settings_appearance.php break;
rewrite ^/settings/filters/?$ /settings_filters.php break;
rewrite ^/settings/media/?$ /settings_media.php break;

# User
rewrite ^/@(.+)@(.+)\.([a-z]+)/?$ /user.php?user=@$1@$2\.$3 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/status/(.+?)?$ /user.php?user=@$1@$2\.$3&status=$4 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/media/?$ /user_only_media.php?user=@$1@$2\.$3 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/with_replies/?$ /user_include_replies.php?user=@$1@$2\.$3 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/followers/?$ /user_followers.php?user=@$1@$2\.$3 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/following/?$ /user_following.php?user=@$1@$2\.$3 break;
rewrite ^/@(.+)@(.+)\.([a-z]+)/favourites/?$ /user_favorite.php?user=@$1@$2\.$3 break;

# Image
rewrite ^/avatars/original/missing.png$ /assets/images/missing.png break;
rewrite ^/headers/original/missing.png$ /assets/images/missing_header.png break;

# 404
rewrite ^/404/?$ /404.php break;

location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_buffers 8 256k;
fastcgi_buffer_size 128k;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
}
